BeyondTrust has released updates to fix a serious security vulnerability that affects its Privileged Remote Access (PRA) and Remote Support (RS) products. If exploited successfully, this vulnerability could lead to remote code execution.

In an advisory published on February 6, 2026, the company stated that "there is a critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support (RS) and some older versions of Privileged Remote Access (PRA). An unauthenticated remote attacker might be able to run operating system commands in the context of the site user by sending specially constructed requests." The vulnerability has been given the CVE identifier CVE-2026-1731 and is classified as an operating system command injection vulnerability. According to the CVSS scoring system, it has a 9.9 rating.

According to BeyondTrust, if the vulnerability is successfully exploited, an unauthenticated remote attacker may be able to run operating system commands in the context of the site user, leading to data exfiltration, unauthorized access, and service interruption. The problem affects Remote Support versions 25.3.1 and earlier and Privileged Remote Access versions 24.3.4 and earlier. It has been fixed in the following versions: for Remote Support, Patch BT26-02-RS, 25.3.2 and later; for Privileged Remote Access, Patch BT26-02-PRA, 25.1.1 and later. Additionally, if the instance is not set up for automatic updates, the company advises self-hosted users of Privileged Remote Access and Remote Support to manually apply the patch.

To apply this patch, users of Privileged Remote Access versions older than 22.1 or Remote Support versions older than 21.3 must also update to a newer version. It further stated that "PRA self-hosted customers may also upgrade to 25.1.1 or a newer version to remediate this vulnerability."

Harsh Jaiswal, a security researcher and co-founder of Hacktron AI, claims that an artificial intelligence (AI)-enabled variant analysis identified the vulnerability on January 31, 2026, and that it found roughly 11,000 instances exposed to the internet.

To give users time to apply the patches, more information about the flaw has been kept secret. Jaiswal stated, "Roughly 8,500 of those are on-premises deployments, which remain potentially vulnerable if patches aren't applied."

Users must update to the most recent version of BeyondTrust Privileged Remote Access and Remote Support as soon as possible for the best protection because security flaws in these programs have previously been actively exploited.
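The affected and fixed version ranges quoted above can be turned into a triage pass over an asset inventory. The following is an added example, not code from BeyondTrust or the researcher; the host names, the `patch_applied` flag and the action labels are assumptions, and versions the article does not list (for example a PRA release between 24.3.4 and 25.1.1) are reported as unlisted rather than guessed.

```python
# Added example: triage self-hosted instances against the version ranges in this article.
# Host names, the patch_applied flag and the action labels are constructed/hypothetical.
RULES = {
    "RS":  {"last_affected": (25, 3, 1), "first_fixed": (25, 3, 2),
            "patch": "BT26-02-RS",  "patch_floor": (21, 3)},
    "PRA": {"last_affected": (24, 3, 4), "first_fixed": (25, 1, 1),
            "patch": "BT26-02-PRA", "patch_floor": (22, 1)},
}

def parse_version(text):
    """Turn '25.3.1' into (25, 3, 1); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def _pad(v, n=3):
    """Pad short versions with zeros so '22.1' compares as (22, 1, 0)."""
    return tuple(v) + (0,) * (n - len(v))

def triage(product, version, patch_applied=False):
    """Return the remediation action for one instance."""
    rule = RULES[product.upper()]
    v = _pad(parse_version(version))
    if v >= _pad(rule["first_fixed"]):
        return "fixed-release"
    if v > _pad(rule["last_affected"]):
        return "unlisted-check-advisory"   # range not stated in the article
    if patch_applied:
        return "patched"
    if v < _pad(rule["patch_floor"]):
        return "upgrade-then-patch"        # too old to take the patch directly
    return f"apply-{rule['patch']}"

INVENTORY = [  # constructed sample rows: (host, product, version, patch_applied)
    ("rs-dmz-01", "RS", "25.3.1", False),
    ("rs-lab-02", "RS", "21.2.4", False),
    ("pra-core-01", "PRA", "24.3.4", True),
    ("pra-core-02", "PRA", "25.1.1", False),
    ("pra-test-03", "PRA", "25.1.0", False),
]

def report(inventory):
    return {host: triage(prod, ver, done) for host, prod, ver, done in inventory}

if __name__ == "__main__":
    for host, action in report(INVENTORY).items():
        print(f"{host:12} {action}")
```

A version string alone cannot show whether a patch was applied, so the `patch_applied` value has to come from the appliance's own update status.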